Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Branch Admin Requires Code Change #3

Open
slominskir opened this issue May 15, 2024 · 2 comments
Open

Branch Admin Requires Code Change #3

slominskir opened this issue May 15, 2024 · 2 comments

Comments

@slominskir
Copy link
Member

Ideally assignment of a new branch admin role could be done completely without having to change the code. A new table could be created for this purpose, for example. See:

srm/src/main/java/org/jlab/srm/business/session/AbstractFacade.java

Lines 216 to 252 in 25852c3

protected boolean isAdminOrBranchAdmin(String username, Category branchRoot) {
boolean isAdminOrBranchAdmin = false;
boolean isAdmin = context.isCallerInRole("srm-admin");
if (isAdmin) {
isAdminOrBranchAdmin = true;
} else {
boolean isBranchAdmin = false;
if (branchRoot != null) {
switch (branchRoot.getName()) {
case "Hall A":
isBranchAdmin = context.isCallerInRole("halead");
break;
case "Hall B":
isBranchAdmin = context.isCallerInRole("hblead");
break;
case "Hall C":
isBranchAdmin = context.isCallerInRole("hclead");
break;
case "Hall D":
isBranchAdmin = context.isCallerInRole("hdlead");
break;
case "LERF":
isBranchAdmin = context.isCallerInRole("lerfadm");
break;
case "Cryo":
isBranchAdmin = context.isCallerInRole("cryoadm");
break;
}
}
if (isBranchAdmin) {
isAdminOrBranchAdmin = true;
}
}
return isAdminOrBranchAdmin;
}

Issue moved from Jira
@slominskir
Copy link
Member Author

slominskir commented Sep 10, 2024
edited
Loading

You also can't add a category directly as a child of the root at the moment from the Setup tab (you can't select JLAB directly at the moment). This means you must either insert Category using backend developer database connection or else add it to wrong location first and then move it using backend developer database connection to be child of JLAB (root).

@slominskir
Copy link
Member Author

slominskir commented Sep 10, 2024
edited
Loading

Also requires code change here:

srm/src/main/webapp/WEB-INF/tags/page.tag

Line 48 in 92d7621

<c:if test="${pageContext.request.isUserInRole('srm-admin') || pageContext.request.isUserInRole('halead') || pageContext.request.isUserInRole('hblead') || pageContext.request.isUserInRole('hclead') || pageContext.request.isUserInRole('hdlead') || pageContext.request.isUserInRole('lerfadm') || pageContext.request.isUserInRole('cryoadm')}">

And here:

srm/src/main/webapp/WEB-INF/web.xml

Line 82 in 92d7621

<role-name>cryoadm</role-name>

And here:

srm/src/main/webapp/WEB-INF/web.xml

Lines 106 to 108 in 92d7621

<security-role>
<role-name>cryoadm</role-name>
</security-role>

The last two are for declarative security and require either a code change or making a parent role such as "srm-branch-adm" in which all other roles are members of and having that global role be defined in the declarative way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@slominskir